author | Aleksander Machniak <alec@alec.pl> | 2013-03-14 09:30:13 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-03-14 09:32:21 +0100 |
commit | 5b82ed62dc21d8dc922dcafb5aa5e15ce4fcc142 (patch) | |
tree | 8b011e91aa07df03adcbf43520b5f96b36072e84 | |
parent | 58993ffcbbfb8b362ebf9d088125fb73d7f6cbed (diff) |
Better handling of session errors in ajax requests - do page reload
on 403 Forbidden response (#1488960)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/js/app.js | 8 |
2 files changed, 9 insertions, 0 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Better handling of session errors in ajax requests (#1488960) - Fix HTML part detection for some specific message structures (#1488992) - Don't show fake address - phishing prevention (#1488981) - Fix forward as attachment bug with editormode != 1 (#1488991) diff --git a/program/js/app.js b/program/js/app.js index 41781b9e2..329bd772e 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -6350,6 +6350,14 @@ function rcube_webmail() if (location_url && this.env.action != 'compose') // don't redirect on compose screen, contents might get lost (#1488926) this.redirect(location_url); + // 403 Forbidden response (CSRF prevention) - reload the page. + // In case there's a new valid session it will be used, otherwise + // login form will be presented (#1488960). + if (request.status == 403) { + (this.is_framed() ? parent : window).location.reload(); + return; + } + // re-send keep-alive requests after 30 seconds if (action == 'keep-alive') setTimeout(function(){ ref.keep_alive(); ref.start_keepalive(); }, 30000); |
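Review bot: The new `request.status == 403` branch in program/js/app.js reloads the page unconditionally, so on the compose screen an expired session or rejected request token would likely discard the unsaved message, which is the loss the `this.env.action != 'compose'` guard just above it avoids (#1488926). Consider skipping the reload there, e.g. `if (request.status == 403 && this.env.action != 'compose') {`, and letting the compose view fall through to the error reporting that follows. The branch also treats every 403 as a session or CSRF-token failure; if the server can answer 403 for another reason and the reloaded page issues the same request on load, the client would reload repeatedly, so a comment stating that assumption (or a one-shot guard) would help. The enclosing error handler starts and ends outside this hunk, so how a fall-through is reported to the user is not visible here.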